I have set up a Check Point NGX VPN to a SonicWall administered by a third party. Phase 1 completes fine after sending a continuous ping to generate interesting traffic, and the IKE tunnel is established, but problems develop in phase 2.
All subsequent packets are dropped with the error message: no valid SA.
All phase 2 encryption packets match up on both sides, i.e. 3DES, MD5, PFS off. (I have been sent screenshots of the settings from the SonicWall administrator.)
The following error displays: encryption fail reason: Packet is dropped because there is no valid SA
tcpdump on the Nokia on the destination host doesn't give me any more information.
The weird thing is, directly after I install the policy on the Check Point, the tracking logs display, in one sequence only, that the traffic is being encrypted with no error. All subsequent packets are dropped.
Seems to me to be a stale SA scenario, but I shouldn't have to keep refreshing the VPN tunnel to get it working anyway! I would be grateful if someone has seen similar issues before!